๐ Workflow Overview
Complete documentation of all 9 gem-ci workflows and their functionality
๐ฏ Workflow Architecture
gem-ci includes 9 comprehensive workflows that provide complete automation for Ruby gem development:
๐ Core Workflows
01 - Intake (01-intake.yml)
Purpose: First contact and organization for issues and PRs
Triggers:
- Issues:
opened,edited,reopened - Pull Requests:
opened,edited,reopened,synchronize - Push to:
.github/config/labels.yml
Key Features:
- ๐ท๏ธ Label Synchronization: Syncs repository labels from config
- ๐ค Auto-labeling: Automatically labels PRs based on file changes
- ๐ Welcome Messages: Greets first-time contributors
- ๐ PR Size Detection: Labels PRs by size (XS, S, M, L, XL)
Dependencies: GitHub App authentication
02 - CI (02-ci.yml)
Purpose: Continuous Integration with tests, linting, and builds
Triggers:
- Push/PR to:
main,master
Key Features:
- ๐งช Ruby 3.3 Testing: Optimized single-version testing
- ๐๏ธ Gem Building: Automated gem packaging
- ๐ Parallel Jobs: Lint, security, docs in parallel
- ๐ Performance Tracking: Workflow duration monitoring
- ๐ PR Status Updates: Contributes to consolidated PR dashboard
Cost Optimization: Ubuntu-only runners, Ruby 3.3 only
03 - Security (03-security.yml)
Purpose: Comprehensive security scanning and vulnerability detection
Triggers:
- Push/PR to:
main,master - Schedule: Weekly Wednesday 2 AM UTC
Key Features:
- ๐ CodeQL Analysis: Static code analysis
- ๐ก๏ธ Dependency Scanning: Vulnerability detection in dependencies
- ๐ Secret Scanning: Git history secret detection
- ๐ฆ Bundle Audit: Ruby gem vulnerability scanning
- ๐ PR Status Updates: Contributes to consolidated PR dashboard
Cost Optimization: Reduced from daily to weekly
04 - Quality (04-quality.yml)
Purpose: Code quality enforcement and documentation
Triggers:
- Push/PR to:
main,master
Key Features:
- ๐ Focused Linting: Custom YAML/JSON/Markdown validation
- ๐ RuboCop Analysis: Ruby code style enforcement
- ๐ Documentation Generation: YARD API documentation
- ๐ Complexity Analysis: Code complexity reporting
- ๐ PR Status Updates: Contributes to consolidated PR dashboard
Performance Improvement: Replaced super-linter with focused custom linting (~70% faster)
05 - Community (05-community.yml)
Purpose: Community management and engagement
Triggers:
- Issues:
opened,edited,closed,reopened - Pull Requests:
opened,closed - Schedule: Weekly Tuesday 1 AM UTC
Key Features:
- ๐งน Stale Management: Automated stale issue/PR cleanup
- ๐ฅ Contributor Recognition: Achievement badges for contributors
- ๐ Community Health: Health metrics and reporting
- ๐ท๏ธ Smart Labeling: Context-aware issue labeling
Cost Optimization: Reduced from daily to weekly
06 - Release (06-release.yml)
Purpose: Automated releases and publishing
Triggers:
- Push to:
main,master - Manual dispatch with release type selection
Key Features:
- ๐ฏ Release Please: Automated semantic versioning
- ๐ Gem Building: Automated gem packaging
- ๐ Security Scanning: Pre-release security validation
- ๐ฆ RubyGems Publishing: Automated gem publishing
- ๐ GitHub Releases: Automated release notes
- ๐ข Notifications: Slack release announcements
Dependencies: RubyGems API key, release environment
07 - Ecosystem (07-ecosystem.yml)
Purpose: Ecosystem health and compatibility monitoring
Triggers:
- Push to:
main,master - Release events
- Schedule: Bi-weekly Sunday 3 AM UTC
Key Features:
- ๐ฆ Dependency Health: Outdated dependency reporting
- ๐งช Compatibility Matrix: Ruby version compatibility testing
- โก Performance Benchmarks: Release performance validation
- ๐ Documentation Links: Link health checking
- ๐ Health Issues: Automated health issue creation/updates
Cost Optimization: Reduced from weekly to bi-weekly, Ruby 3.3 only
08 - Monitoring (08-monitoring.yml)
Purpose: Performance monitoring and health tracking
Triggers:
- Push/PR to:
main,master - Schedule: Weekly Monday 4 AM UTC
Key Features:
- ๐ Workflow Metrics: Performance and success tracking
- ๐ Action Analysis: Basic workflow health monitoring
- ๐ฅ Repository Health: Overall repository health checks
- ๐ Performance Summary: Automated performance reporting
Cost Optimization: Reduced from daily to weekly
09 - Bot Commands (09-bot-commands.yml)
Purpose: Interactive bot commands for workflow management
Triggers:
- Issue comments containing
/gem-ci
Key Features:
- ๐ Release Management:
/gem-ci revise release minor to patch - โ Release Cancellation:
/gem-ci cancel release - ๐ Help System:
/gem-ci help - ๐ค Interactive Responses: Emoji reactions and helpful messages
- โ ๏ธ Error Handling: Invalid command guidance
Dependencies: GitHub App authentication
๐ Complete Automation Tasks
| Category | Task | Workflow | Action Used | Configuration |
|---|---|---|---|---|
| ๐ CI/CD | Ruby testing | 02-ci.yml |
ruby/setup-ruby@v1 |
Ruby 3.3 (optimized) |
| ย | Ubuntu testing | 02-ci.yml |
actions/checkout@v4 |
Ubuntu-latest (cost optimized) |
| ย | Dependency caching | 02-ci.yml |
actions/cache@v3 |
Bundler cache |
| ย | Test execution | 02-ci.yml |
Custom scripts | RSpec, Minitest |
| ย | Coverage reporting | 04-quality.yml |
simplecov gem |
90% threshold |
| ๐ Security | CodeQL analysis | 03-security.yml |
github/codeql-action@v3 |
.github/config/codeql.yml |
| ย | Dependency scanning | 03-security.yml |
actions/dependency-review-action@v4 |
Vulnerability detection |
| ย | Secret scanning | 03-security.yml |
trufflesecurity/trufflehog@main |
Git history scan |
| ย | Container scanning | 03-security.yml |
aquasecurity/trivy-action@master |
Dockerfile security |
| ย | Bundle audit | 03-security.yml |
bundler-audit gem |
Gem vulnerabilities |
| ๐ Quality | Code linting | 04-quality.yml |
rubocop/rubocop-github-action@v0.1.0 |
RuboCop standards |
| ย | Documentation | 04-quality.yml |
yard gem |
API documentation |
| ย | Markdown linting | 04-quality.yml |
DavidAnson/markdownlint-cli2-action@v16 |
Markdown standards |
| ย | Super linting | 04-quality.yml |
super-linter/super-linter@v5 |
Multi-language linting |
| ๐ท๏ธ Labels | Label sync | 01-intake.yml |
crazy-max/ghaction-github-labeler@v5 |
.github/config/labels.yml |
| ย | Auto-labeling | 01-intake.yml |
actions/labeler@v5 |
.github/config/labeler.yml |
| ย | Size labeling | 01-intake.yml |
Custom script | PR size detection |
| ๐ฅ Community | Welcome messages | 01-intake.yml |
actions/first-interaction@v1 |
First-time contributors |
| ย | Stale management | 05-community.yml |
actions/stale@v9 |
60-day stale policy |
| ย | Contributor recognition | 05-community.yml |
Custom script | Achievement badges |
| ย | Health monitoring | 08-monitoring.yml |
Custom script | Community metrics |
| ๐ Release | Semantic versioning | 06-release.yml |
Custom script | Version bumping |
| ย | Changelog generation | 06-release.yml |
Custom script | Auto-generated changelogs |
| ย | RubyGems publishing | 06-release.yml |
ruby/setup-ruby@v1 |
Automated gem push |
| ย | GitHub releases | 06-release.yml |
actions/create-release@v1 |
Release notes |
| ย | Release notifications | 06-release.yml |
slackapi/slack-github-action@v1.27.0 |
Slack integration |
| ๐ฆ Dependencies | Dependency updates | Dependabot | GitHub native | .github/dependabot.yml |
| ย | Security updates | Dependabot | GitHub native | Auto-merge safe updates |
| ย | Version grouping | Dependabot | GitHub native | Development/testing groups |
| ๐ก๏ธ Protection | Branch protection | Rulesets | GitHub native | .github/config/rulesets/ |
| ย | Tag protection | Rulesets | GitHub native | Release tag protection |
| ย | Push restrictions | Rulesets | GitHub native | Development branch rules |
| ๐ข Notifications | Slack integration | Multiple | Custom shared action | SLACK_BOT_TOKEN + SLACK_CHANNEL_ID |
| ย | PR Status Dashboard | Multiple | update-pr-status action |
Consolidated PR comments |
| ๐ค Bot Commands | Release management | 09-bot-commands.yml |
actions/github-script@v7 |
Slash commands |
| ย | Help system | 09-bot-commands.yml |
actions/github-script@v7 |
Interactive help |
| ๐ Ecosystem | Dependency health | 07-ecosystem.yml |
Custom scripts | Bi-weekly checks |
| ย | Compatibility matrix | 07-ecosystem.yml |
ruby/setup-ruby@v1 |
Ruby version testing |
| ย | Performance benchmarks | 07-ecosystem.yml |
Custom benchmark scripts | Release validation |
| ๐ Monitoring | Workflow metrics | 08-monitoring.yml |
actions/github-script@v7 |
Weekly performance tracking |
| ย | Repository health | 08-monitoring.yml |
Custom health checks | Automated health reports |
| ๐งช Validation | GitHub App setup | tests/validate-github-app.yml |
actions/create-github-app-token@v1 |
Token validation |
| ย | Slack integration | tests/validate-slack-integration.yml |
slackapi/slack-github-action@v1.27.0 |
Message testing |
| ย | Label sync | tests/validate-labels-sync.yml |
crazy-max/ghaction-github-labeler@v5 |
Configuration validation |
| ย | Repository rulesets | tests/validate-repository-rulesets.yml |
Custom scripts | Ruleset validation |
๐ Workflow Dependencies
graph TD
A[GitHub App Token] --> B[01-Intake]
A --> C[03-Security]
A --> D[04-Quality]
A --> E[05-Community]
A --> F[06-Release]
A --> G[09-Bot Commands]
H[Slack Integration] --> I[Notifications]
J[RubyGems Token] --> F
K[02-CI Results] --> L[PR Dashboard]
M[03-Security Results] --> L
N[04-Quality Results] --> L
๐ Shared Actions
update-pr-status (.github/actions/update-pr-status)
Purpose: Consolidated PR status comment management
Used By: CI, Security, Quality workflows
Features:
- ๐ Single PR status dashboard
- ๐ Smart comment updates (no spam)
- ๐ Direct links to workflow runs
- ๐ Status emoji indicators
Notification System (.github/workflows/shared/notification.yml)
Purpose: Standardized Slack notifications
Used By: CI, Release, Quality workflows
Features:
- ๐ค Bot token authentication
- ๐จ Status-based color coding
- ๐ข Channel-specific notifications
- ๐ Structured message format
๐ฏ Key Optimizations Applied
Cost Reductions (~75-80% total savings)
- Ruby Versions: 3.3 only (50% reduction)
- Platforms: Ubuntu only (66% reduction)
- Schedules: Reduced frequency (85% reduction)
- Linting: Custom focused approach (70% faster)
Performance Improvements
- PR Comments: Single consolidated dashboard
- Parallel Execution: Optimized job dependencies
- Smart Caching: Efficient dependency caching
- Focused Linting: Targeted validation instead of super-linter
User Experience Enhancements
- Interactive Commands: Bot-driven workflow management
- Clear Status: Visual PR status dashboard
- Smart Notifications: Context-aware Slack messages
- Documentation: Comprehensive guides and examples
๐ Related Documentation
- CI Workflow Overview - Complete visual workflow lifecycle
- GitFlow Diagram - Visual branching model
- Local Testing Guide - Test workflows before deployment
- Bot Commands Guide - Interactive workflow management
- Customization Guide - Adapt workflows for your needs
Questions? Check our validation guide or open an issue for help.